SAP Financial Services Network SOC 2 Audit Report 2017 H2

The scope of this SOC report includes SAP Financial Services Network is hosted in SAP SE's data centers St. Leon–Rot, Germany as well as in co-location data center in Ashburn (Virginia USA).

SAP Financial Services Network is an innovative on-demand solution that connects banks and other financial institutes with their corporate customers on a secure network owned and managed by SAP. The network offers multiple services over one single channel while supporting the deployment of new ones. As key benefits, the solution automates financial transactions, reduces payment rejection rates, eases reconciliation and provides enhanced visibility to corporate treasury. It combines SAP expertise in applications, analytics, and in-memory computing to provide a standard, innovative technology for financial institutions and their corporate customers on a platform that accommodates future integration needs.

SAP Financial Services Network is capable of performing a failover in case of a disaster (disaster recovery). This capability is currently only offered to non-European customers. SAP Financial Services Network is entirely operated by SAP.

SAP Financial Services Network is a product implemented by SAP, and as such it uses the “Idea-toMarket” (I2M) process framework for system and software development. The I2M process framework is ISO-9001 certified.

SOC2 reports fulfill various information and assurance needs of customers and aim to place trust in SAPs service organization systems, processes and controls. These narratives are related to the trust principles Security, Availability, Confidentiality Processing Integrity or Privacy which must be met to demonstrate a well-designed system. SOC 2 also contains details on performed tests and their results. SOC2 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC2 Type 2 also
includes the operating effectiveness of controls for a dedicated period of time.

SAP Financial Services Network has prepared SOC2 Type 1 audit report by an independent 3rd party accountant. This version of the report covers the audit period 1. May 2017 to 31. October 2017, the location St. Leon–Rot, Germany as well as in co-location data center in Ashburn (Virginia USA) and the trust principles Security and Confidentiality.

The use of these reports is restricted. A copy of this report is available for all SAP customers and prospects with non-disclosure agreement in place.